Lucene search
+L

834 matches found

hackerone
hackerone
added 2016/11/29 11:12 a.m.15 views

U.S. Dept Of Defense: Arbitary file download vulnerability on a DoD website

A DoD website was misconfigured in a manner that could have allowed an attacker to collect sensitive information about the web application or system. @psychomantis was able to demonstrate this vulnerability by crafting a specially formatted URL. Thank you for notifying us of this vulnerability!...

2.1AI score
Exploits0
patchstack
patchstack
added 2016/04/25 12:0 a.m.5 views

WordPress The Events Calendar Plugin <= 4.1.1 - Open Redirection

This plugin is prone to an open redirection vulnerability in the "tribe-bar-view" parameter. Solution Update the plugin...

2.6AI score
Exploits0References1Affected Software1
wpvulndb
wpvulndb
added 2016/04/25 12:0 a.m.12 views

The Events Calendar <= 4.1.1 - Open Redirect

The problem is located in the "tribe-bar-view" parameter that can be used to redirect a user to an arbitrary website. Timeline 2016-04-04 : Initial contact with Modern Tribe 2016-04-05 : Modern Tribe confirms the report 2016-04-07 : Modern Tribe publishes a new version 4.1.1.1 that resolves the...

2.3AI score
Exploits0References1Affected Software1
wpexploit
wpexploit
added 2016/04/25 12:0 a.m.12 views

The Events Calendar <= 4.1.1 - Open Redirect

The problem is located in the "tribe-bar-view" parameter that can be used to redirect a user to an arbitrary website. Timeline 2016-04-04 : Initial contact with Modern Tribe 2016-04-05 : Modern Tribe confirms the report 2016-04-07 : Modern Tribe publishes a new version 4.1.1.1 that resolves the...

1.1AI score
Exploits0References1
patchstack
patchstack
added 2016/04/25 12:0 a.m.11 views

WordPress The Events Calendar Plugin <= 4.1.1 - Open Redirection

This plugin is prone to an open redirection vulnerability in the "tribe-bar-view" parameter. Solution Update the plugin...

2.6AI score
Exploits0References1Affected Software1
vulnerlab
vulnerlab
added 2016/03/06 12:0 a.m.29 views

Apple iOS v9.2.1 - Multiple PassCode Bypass Vulnerabilities

Document Title: =============== Apple iOS v9.2.1 - Multiple PassCode Bypass Vulnerabilities References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1779 View Video: https://www.youtube.com/watch?v=-XLlpnjZXFM Advisory: http://www.vulnerability-lab.com/getcontent.php?id=1778...

7.1AI score
Exploits0
packetstorm
packetstorm
added 2015/07/14 12:0 a.m.42 views

The Events Calender: Eventbrite Tickets 3.9.6 Cross Site Scripting

Details ================ Software: The Events Calendar: Eventbrite Tickets Version: 3.9.6 Homepage: https://theeventscalendar.com/product/wordpress-eventbrite-tickets/ Advisory report:...

4.3CVSS0.1AI score0.02067EPSS
Exploits2
patchstack
patchstack
added 2015/05/15 12:0 a.m.8 views

WordPress Events Calendar Plugin <= 6.7.11a - XSS

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...

2.1AI score
Exploits0References1Affected Software1
wpvulndb
wpvulndb
added 2014/08/01 10:59 a.m.12 views

The Events Calendar <= 3.0 - Reflected Cross-Site Scripting (XSS)

The The Events Calendar WordPress plugin was affected by a Reflected Cross-Site Scripting XSS security vulnerability...

1.4AI score
Exploits0Affected Software1
wpvulndb
wpvulndb
added 2014/08/01 10:58 a.m.8 views

Events Calendar - SQL Injection

The events-calendar WordPress plugin was affected by a SQL Injection security vulnerability...

2.3AI score
Exploits0References1Affected Software1
patchstack
patchstack
added 2014/08/01 12:0 a.m.5 views

WordPress The Events Calendar Plugin <= 3.0 - Reflected Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...

2.1AI score
Exploits0Affected Software1
patchstack
patchstack
added 2014/08/01 12:0 a.m.11 views

WordPress The Events Calendar Plugin <= 3.0 - Reflected Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...

2.1AI score
Exploits0Affected Software1
seebug
seebug
added 2014/07/01 12:0 a.m.17 views

DevelopItEasy Events Calendar 1.2 - Multiple SQL Injection Vulnerabilities

No description provided by source. || || | || o,7 || . o7 || 4||| ow, : / / . |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| | | | /' \ /'\ /\ \ /'\ /\ \ | | /, \ /\/\L\ \ \ \ ,/\ /\ \ \ \ / | | //\ \ /' \ /\ //\ /'\ \ /\ \ \ \ /'\ \ | | \ \ /\ /\ \ \ \ /...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/01 12:0 a.m.11 views

events calendar 1.1 - Remote File Inclusion Vulnerability

No description provided by source. Events Calendar 1.1 Remote File Inclusion Vulnerability ======================================================== Author: kevin mitnick tunisianblackhat team = = Home : http://tunisianblackhat.com = = email: kevinmitnickAlive.fr = =...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/01 12:0 a.m.30 views

Miniweb 2.0 Business Portal and Social Networking Platform SQL Injection

No description provided by source. Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title:Miniweb 2.0 Business Portal and Social Networking Platform SQL Injection Vulnerability Vendor url:http://www.miniweb2.com/ Version:2.0 Price:250$ Published: 2010-06-10 Greetz to:Sid3^effects, MaYu...

7.1AI score
Exploits0
htbridge
htbridge
added 2011/08/10 12:0 a.m.30 views

Cross-site Scripting (XSS) Vulnerability WP Events Calendar

High-Tech Bridge SA Security Research Lab has discovered vulnerability in WP Events Calendar, which can be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in WP Events Calendar Input passed via the "ECid" GET parameter to /wp-admin/admin.php when "page"...

2.6CVSS6.1AI score
Exploits0Affected Software1
nvd
nvd
added 2009/04/06 2:30 p.m.24 views

CVE-2008-6608

Multiple SQL injection vulnerabilities in DevelopItEasy Events Calendar 1.2 allow remote attackers to execute arbitrary SQL commands via 1 the username parameter aka user field to admin/index.php, 2 the userpass parameter aka pass field to admin/index.php, or 3 the id parameter to...

7.5CVSS8.5AI score0.02353EPSS
Exploits0References6
prion
prion
added 2009/04/06 2:30 p.m.17 views

Sql injection

Multiple SQL injection vulnerabilities in DevelopItEasy Events Calendar 1.2 allow remote attackers to execute arbitrary SQL commands via 1 the username parameter aka user field to admin/index.php, 2 the userpass parameter aka pass field to admin/index.php, or 3 the id parameter to...

7.5CVSS9.2AI score0.02353EPSS
Exploits0References6Affected Software1
cvelist
cvelist
added 2009/04/06 2:0 p.m.26 views

CVE-2008-6608

Multiple SQL injection vulnerabilities in DevelopItEasy Events Calendar 1.2 allow remote attackers to execute arbitrary SQL commands via 1 the username parameter aka user field to admin/index.php, 2 the userpass parameter aka pass field to admin/index.php, or 3 the id parameter to...

8.5AI score0.02353EPSS
Exploits0References6
cve
cve
added 2009/04/06 2:0 p.m.43 views

CVE-2008-6608

DevelopItEasy Events Calendar 1.2 is affected by multiple SQL injection vulnerabilities. The flaws allow remote attackers to execute arbitrary SQL commands through (1) user_name (user field) or (2) user_pass (pass field) in admin/index.php, or (3) id in calendar_details.php. Root cause: improper ...

7.5CVSS8.8AI score0.02353EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder